Challenges in Protecting Tor Hidden Services from Botnet Abuse
Abstract
In August 2013, the Tor network experienced a sudden, drastic reduction in performance due to the Mevade/Sefnit botnet. This botnet ran its command and control server as a Tor hidden service, so that all infected nodes contacted the command and control through Tor. In this paper, we consider several protocol changes to protect Tor against future incidents of this nature, describing the research challenges that must be solved in order to evaluate and deploy each of these methods. In particular, we consider four technical approaches: resource-based throttling, guard node throttling, reuse of failed partial circuits, and hidden service circuit isolation.
Similar resources
Short Paper: Challenges in protecting Tor hidden services from botnet abuse
In August, 2013 the Tor anonymity network saw a rapid spike in the number of directly connecting users, due to the large “mevade” click-fraud botnet running its command and control (C&C) as a Tor Hidden Service. Figure 1(a) shows that estimated daily clients increased from under 1 million to nearly 6 million in three weeks. Figure 1(b) shows the effects on performance: measured downloading time...
Protecting Tor from botnet abuse in the long term
Starting on August 20, 2013 the Tor network has seen a rapid spike in the number of directly connecting users. This spike is apparently due to the large “mevade” click-fraud botnet running its command and control (C&C) as a Tor Hidden Service. Figure 1 shows that estimated daily clients increased from under 1 million to nearly 6 million in three weeks. Figure 2a shows the effects on performance...
Abusing Privacy Infrastructures: Analysis and Mitigations
In the last two decades, advances in privacy-enhancing technologies, including cryptographic mechanisms, standardized security protocols, and infrastructure, significantly improved the privacy of users. Tor, a byproduct of those primitives, emerged as a practical solution to protecting the privacy of citizens against censorship and tracking. At the same time, Tor’s success encouraged illegal ac...
TorPolice: Towards Enforcing Service-Defined Access Policies in Anonymous Systems
Tor is the most widely used anonymity network, currently serving millions of users each day. However, there is no access control in place for all these users, leaving the network vulnerable to botnet abuse and attacks. For example, criminals frequently use exit relays as stepping stones for attacks, causing service providers to serve CAPTCHAs to exit relay IP addresses or blacklistin...
Poster: Mitigating OnionBots
Over the last decade botnets have become a serious security threat. They have evaded mitigation and takeovers by adopting increasingly sophisticated strategies. At the same time the rise and success of privacy infrastructures has opened new possibilities of abuse by malicious users. Tor is a prominent example of such infrastructure, which allows users to hide their activities and location fr...